On Wed, Mar 06, 2019 at 07:28:20PM -0700, Andrew Hewus Fresh wrote:
> This updates p5-Email-Address which fixes a CVE, no other changes and no
> apparent fallout in dependent ports.
>
> https://metacpan.org/changes/release/RJBS/Email-Address-1.912
>
> Stuart, you're welcome to commit it if you want.
>
> The docs say:
>
> > Version 1.909 and earlier of this module had vulnerabilies
> > (CVE-2015-7686) and (CVE-2015-12558) which allowed specially
> > constructed email to cause a denial of service. The reported
> > vulnerabilities and some other pathalogical cases (meaning they really
> > shouldn't occur in normal email) have been addressed in version 1.910
> > and newer. If you're running version 1.909 or older, you should
> > update!
>
> OK? Comments?
OK bluhm@
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/mail/p5-Email-Address/Makefile,v
> retrieving revision 1.14
> diff -u -p -r1.14 Makefile
> --- Makefile 20 Jun 2018 16:17:56 -0000 1.14
> +++ Makefile 7 Mar 2019 02:26:00 -0000
> @@ -4,7 +4,7 @@ COMMENT= RFC 2822 address parsing and cr
>
> MODULES= cpan
> PKG_ARCH= *
> -DISTNAME= Email-Address-1.909
> +DISTNAME= Email-Address-1.912
> CATEGORIES= mail
>
> MAINTAINER= Stuart Henderson <sthen@openbsd.org>
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/mail/p5-Email-Address/distinfo,v
> retrieving revision 1.11
> diff -u -p -r1.11 distinfo
> --- distinfo 20 Jun 2018 16:17:56 -0000 1.11
> +++ distinfo 7 Mar 2019 02:26:00 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (Email-Address-1.909.tar.gz) = byxTJ1FxjrXjANKV+xhpXZUldH07ufLdcy5JA6g2/VA=
> -SIZE (Email-Address-1.909.tar.gz) = 41490
> +SHA256 (Email-Address-1.912.tar.gz) = D6N4UpjML2eA5j46X7HKgU3Lw2DOtZ7Y+oTrT/oG+e8=
> +SIZE (Email-Address-1.912.tar.gz) = 42390
No comments:
Post a Comment